An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

HomeNewsArticle Display

DFAS warns service members of scam emails

FORT GEORGE G. MEADE, Md. (AFNS) -- Defense Finance and Accounting Service recently released a statement warning of email scams targeting military members, military retirees, and civilian employees.

According to the statement, the most recent email scam indicates that individuals who are receiving disability compensation from the Department of Veterans Affairs may be able to obtain additional funds from the Internal Revenue Service, but only if they send copies of their income tax information.

Scammers have even gone so far as to "spoof" DFAS email addresses so that the recipients would think it was actually coming from DFAS personnel. In a spoofing email, the scammer makes it appear that the message is coming from a legitimate source. This is to try to lure the reader into believing it's genuine.

"(Scammers) manage to find a way to appear legitimate when they're not," said Edward Peace, the senior cyberwarfare instructor for the 39th Information Operations Squadron at Hurlburt Field, Fla. "In some cases, it looks like it's from a legitimate source, but in other cases if you inspect it just a little bit deeper, just looking at where the email came from you would be tipped off right way. But most people don't look at it; They just look at the content, it looks legitimate and they go from there."

To fool people, Peace said, the scam artist may create a server so that the URL is close to that of a legitimate site, for example using .mic instead of .mil at the end of the Web address. People can avoid these scams by closely reading the address from which the email was sent.

Though these scam artists have found ways to spoof the DFAS email address, this does not mean that customer accounts were compromised.

"We have not had an incident that has threatened our security or the accounts of our customers," said Steve Burghardt, a DFAS media relations officer. "We are always on the lookout. And we're taking steps to (educate) folks."

To that end, DFAS officials are developing pages on their website to highlight their official email policy, examples of scam emails and law enforcement agencies that can initiate an investigation.

DFAS officials are also trying to make this information readily available via myPay, Burghardt said.

"That's our biggest concern," he said. "As long as you keep your login credentials private and to yourself, then your account is pretty much assured a fairly decent amount of security. But if you give that away or give out that information that people can use to get new credentials ... I can always impersonate you and say, 'I lost my login credentials, get me a new one.'"

Besides getting their personal information stolen, people can also fall victim to computer attacks by even opening these emails.

For example, if there are HTML attachments or links in the email, they can drop malware on the computer, usually a Trojan horse, Peace said. If this happens, the Trojan will call out to wherever they want it to and start to do series of different things, such as loading more malware on the computer or turn the computer into part of a botnet. In the latter scenario, one's computer is taken over by a hacker, made part of a larger network and used mostly for nefarious purposes.

In order to avoid falling victim to these computer viruses and malware, people using commercial email accounts should immediately erase these scam emails, Peace said. Service members who receive these types of email on their .mil accounts should immediately notify their network administrator.

For more information on the DFAS email policy, click here. For the latest DFAS updates, click here.